-rw-r--r--app/controllers/application_controller.rb8
-rw-r--r--test/functional/welcome_controller_test.rb16
2 files changed, 23 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7f42fff76..bb8dae56f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -195,7 +195,13 @@ class ApplicationController < ActionController::Base
url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id])
end
respond_to do |format|
- format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
+ format.html {
+ if request.xhr?
+ head :unauthorized
+ else
+ redirect_to :controller => "account", :action => "login", :back_url => url
+ end
+ }
format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
format.js { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
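Review bot: The new `request.xhr?` branch inside `format.html` has no comment explaining why an XHR gets a bare 401 instead of the login redirect, and the reason is not obvious from the code. I would add `# XHR follows redirects transparently and would get the login page as its response body; answer 401 so the caller can react` above the `if`. `request.xhr?` is derived from the client-supplied `X-Requested-With` header, so it should only ever select the response shape; both branches deny the request today, and that should stay true if this block is extended. As a style point, the multi-line block would read better as `format.html do ... end` than with braces. The enclosing method starts and ends outside the hunk.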
diff --git a/test/functional/welcome_controller_test.rb b/test/functional/welcome_controller_test.rb
index ff4655c48..aafc36159 100644
--- a/test/functional/welcome_controller_test.rb
+++ b/test/functional/welcome_controller_test.rb
@@ -136,4 +136,20 @@ class WelcomeControllerTest < ActionController::TestCase
assert_equal [0, 100], @controller.api_offset_and_limit({:page => 1, :limit => 100})
assert_equal [200, 100], @controller.api_offset_and_limit({:page => 3, :limit => 100})
end
+
+ def test_unhautorized_exception_with_anonymous_should_redirect_to_login
+ WelcomeController.any_instance.stubs(:index).raises(::Unauthorized)
+
+ get :index
+ assert_response 302
+ assert_redirected_to('/login?back_url='+CGI.escape('http://test.host/'))
+ end
+
+ def test_unhautorized_exception_with_anonymous_and_xmlhttprequest_should_respond_with_401_to_anonymous
+ WelcomeController.any_instance.stubs(:index).raises(::Unauthorized)
+
+ @request.env["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest"
+ get :index
+ assert_response 401
+ end
end
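Review bot: Both new test names misspell "unauthorized" as `unhautorized`, and the second repeats the anonymous condition (`with_anonymous_and_..._to_anonymous`). A name such as `test_unauthorized_exception_with_anonymous_and_xhr_should_respond_with_401` would be easier to find with grep. The XHR test asserts only the status code; adding `assert_nil @response.headers['Location']` would pin that no login redirect accompanies the 401. Setting `@request.env["HTTP_X_REQUESTED_WITH"]` by hand works, but the `xhr :get, :index` helper expresses the same intent if the Rails version in use provides it.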